The Internet of Things. From smart speakers to retail beacons, the growth of connected devices is nothing short of explosive. According to Statista, the global market for Internet of things (IoT) end-user solutions is expected to grow to almost $600 billion in size by the end of 2021. The technology surpassed the $100 billion mark for the first time in 2017, and forecasts suggest that this figure will grow to around $1.6 trillion by 2025.
Along with explosive growth comes increased vulnerability. As noted on Wikipedia, “there are a number of serious concerns about dangers in the growth of the IoT, especially in the areas of privacy and security, and consequently, industry and governmental moves to address these concerns have begun including the development of international standards.”
Sternum – an embedded cybersecurity and analytics company – has announced its Dynamic Memory Protection is now officially patented by the U.S. Trademark and Patent Office, providing cutting-edge memory protection to embedded, low-resources devices and closed-source binaries. The company’s solution identifies attacks in IoT devices in real-time with less than one percent overhead, sparing R&D departments hours of work and wasted resources patching vulnerabilities that may never become exploitable.
So does Sternum’s patented technology help in situations witnessed a few years ago, where a DDoS attack used IoT devices to bring nearly the entire internet down across the US for almost a whole day?
“Sternum patents aim to prevent remote code execution and taking full control over mission-critical devices, not the prevention of DDoS attacks (which are less lethal),” Natali Tshuva, CEO and cofounder at Sternum, told me. “Sternum’s complete product offering offers prevention and detection of DDoS attacks and would have helped in the situation described.”
As the internet continues to intrude more on our daily lives in the form of IoT devices in grocery shops, hospitals, and our homes, sophisticated hackers and state-level attackers have more entry points into large swaths of data. A 2019 report from Akamai predicts a rise in weaponized cyber attacks throughout the next few years, and organizations across the globe are scrambling to keep up. An attacker that can hack a patient’s EKG machine, for example, might be able to gain access to the entire hospital’s network—including patient files, medical history, and payment information. Sternum’s newly patented technology monitors and blocks those attacks in real-time. Its Dynamic Memory Protection layer is focused on one of the top threats on IoT devices – memory-based vulnerabilities.
Any time an attacker attempts to exploit a vulnerability, they leave a digital fingerprint that is distinctly recognizable and identical across all attacks exploiting the entire classes or families of vulnerabilities.
“We prevent the attack and protect the device in a way that’s customizable to each manufacturer’s needs,” Tshuva said. “We cover any sort of attack so that when there’s an attempt to attack, we alert it in real-time through our platform.”
Sternum’s Dynamic Memory Protection leverages technology to track, identify, and locate that unique “Exploitation Fingerprint,” flagging the presence of a hacker and preventing the attack itself regardless of the memory-based vulnerability that is attempted to be exploited. With Sternum’s solution’s additional security protection layers, active mitigation against the widest range of threats is achieved. The solution is the first to install real-time, proactive cybersecurity on any pre or post-production device through a simple software update with no changes to existing code and is already deployed in scale in highly regulated industries.
Sternum also provides users with a cloud-based data analytics system and is the first company to provide actionable visibility into the security and behavior of IoT devices. Currently, many connected devices lack adequate security protection, and manufacturers cannot capture valuable data points from devices in operation. The Analytics and Detection System (ADS) unlocks hidden data points from within the device. It investigates all suspicious events and breach attempts and accumulates insights into said device’s internal operations, software functions, quality analysis, and third-party code.